CVE-2023-54360

MEDIUM

Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter

Title source: cna

Description

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft.

Exploits (1)

exploitdb WORKING POC
by CraCkEr · text · webapps · php
https://www.exploit-db.com/exploits/51645

Scores

CVSS v3 6.1
EPSS 0.0003
EPSS Percentile 9.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
Jlexart/Joomla JLex Review 6.0.1
Published Apr 09, 2026
Tracked Since Apr 10, 2026